agenttesla | 8c23f9c9fd9e4191ca5a6a9af791749c55cc59b50a0d1375c6bac51200546a83 | Triage

Submit
Reports

Overview

overview

Static

static

Consignmet...df.exe

windows7_x64

Consignmet...df.exe

windows10-2004_x64

Sharing

General

Target

8c23f9c9fd9e4191ca5a6a9af791749c55cc59b50a0d1375c6bac51200546a83
Size

386KB
Sample

220521-af4fbaabg6
MD5

aad0a24dbd295b6e01f84b1027b083d9
SHA1

3fbe9f1d08ff3dd57373064938aadf188a27dd4a
SHA256

8c23f9c9fd9e4191ca5a6a9af791749c55cc59b50a0d1375c6bac51200546a83
SHA512

2bcb4183a38f0e8c3869486b09b01c1a2481b8e0ad2634ec203960d0a7aed861beb7cefd719e9f9358df29da1031af109779b4473869676438529d9837167bd8

Score

10^/10

agenttesla collection keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Consignmet Details AWB-7253-8341 pdf.exe

Resource

win7-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Consignmet Details AWB-7253-8341 pdf.exe

Resource

win10v2004-20220414-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.flood-protection.org
Port:
587
Username:
[email protected]
Password:
gee2424@

Extracted

Credentials

Protocol: smtp
Host:
mail.flood-protection.org
Port:
587
Username:
[email protected]
Password:
gee2424@

Targets

- Target
  
  Consignmet Details AWB-7253-8341 pdf.exe
- Size
  
  562KB
- MD5
  
  d46026eb47c65468dce41badcc2dca4d
- SHA1
  
  334b7a44a762907195a65988bec0294235641d35
- SHA256
  
  ac2a8ec48860c4d9d76c6f04dae47225b44aca9fca3ab4ec6adb3c81d268cb00
- SHA512
  
  9549d136d730f99f28f871635b519efec921926658d77e3e0de0a0cb092ed2e1c01d18e7e0b823a41e62bba09f324bf47221a0b6a84f89ce46956546ef79b843
Score

10^/10

agenttesla collection keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla Payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionkeyloggerspywarestealertrojan

behavioral2

agentteslacollectionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy